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1.In which step of the Five-Step Methodology of Zero Trust are application access and user access 
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defined? 

A. Step 4: Create the Zero Trust Policy 

B. Step 3: Architect a Zero Trust Network 

C. Step 1: Define the Protect Surface 

D. Step 5: Monitor and Maintain the Network 
Answer: B 


2.Which two actions take place after Prisma SD-WAN Instant-On Network (ION) devices have been 
deployed at a site? (Choose two.) 

A. The devices continually sync the information from directories, whether they are on-premise, 
cloud-based, or hybrid. 

B. The devices establish VPNs over private WAN circuits that share a common service provider. 

C. The devices automatically establish a VPN to the data centers over every internet circuit. 

D. The devices provide an abstraction layer between the Prisma SD-WAN controller and a particular 
cloud service. 

Answer: A,D 


3.How can a network engineer export all flow logs and security actions to a security information and event 
management (SIEM) system? 

A. Enable syslog on the Instant-On Network (ION) device. 

B. Use a zone-based firewall to export directly through application program interface (API) to the SIEM. 
C. Enable Simple Network Management Protocol (SNMP) on the Instant-On Network (ION) device. 

D. Use the centralized flow data-export tool built into the controller. 

Answer: A 


4.How does the secure access service edge (SASE) security model provide cost savings to 
organizations? 

A. The single platform reduces costs compared to buying and managing multiple point products. 

B. The compact size of the components involved reduces overhead costs, as less physical space is 
needed. 

C. The content inspection integration allows third-party assessment, which reduces the cost of contract 
services. 

D. The increased complexity of the model over previous products reduces IT team staffing costs. 
Answer: A 


5.Which statement applies to Prisma Access licensing? 

A. Internet of Things (IOT) Security is included with each license. 

B. It provides cloud-based, centralized log storage and aggregation. 

C. It is a perpetual license required to enable support for multiple virtual systems on PA-3200 Series 
firewalls. 

D. For remote network and Clean Pipe deployments, a unit is defined as 1 Mbps of bandwidth. 
Answer: D 


6.Which product draws on data collected through PAN-OS device telemetry to provide an overview of the 
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health of an organization's next-generation firewall (NGFW) deployment and identify areas for 
improvement? 

A. Cloud Identity Engine (CIE) 

B. DNS Security 

C. security information and event management (SIEM) 

D. Device Insights 

Answer: D 


7.Which product leverages GlobalProtect agents for endpoint visibility and native Prisma SD-WAN 
integration for remote sites and branches? 

A. Cloud-Delivered Security Services (CDSS) 

B. WildFire 

C. CloudBlades: 

D. Autonomous Digital Experience Management (ADEM) 

Answer: D 


8.What is a key benefit of CloudBlades? 

A. automation of UI workflow without any code development and deployment of Prisma SD-WAN ION 
devices 

B. utilization of near real-time analysis to detect previously unseen, targeted malware and advanced 
persistent threats 

C. identification of port-based rules so they can be converted to application-based rules without 
compromising application availability 

D. configuration of the authentication source once instead of for each authentication method used 
Answer: A 


9.A customer currently uses a third-party proxy solution for client endpoints and would like to migrate to 
Prisma Access to secure mobile user internet-bound traffic. 

Which recommendation should the Systems Engineer make to this customer? 

A. With the explicit proxy license add-on, set up GlobalProtect. 

B. With the mobile user license, set up explicit proxy. 

C. With the explicit proxy license, set up a service connection. 

D. With the mobile user license, set up a corporate access node. 

Answer: B 


